The Desmond Hotel & Conference Center (The Desmond) recently discovered a serious data security breach of its computer system, and specifically its property management system, that occurred between May 21, 2011 and March 10, 2012. Anyone who was a guest of The Desmond during that period may have had credit and/or debit card information compromised.

The security breach involved international hackers gaining access to The Desmond’s computer system. According to the cyber security firm recommended by the U.S. Secret Service and hired by The Desmond to investigate the breach, the credit and debit card security breach was limited to The Desmond’s property management system; that is, the computer system used for reservations or payment of a guest room. If a credit or debit card was used anywhere else in the hotel, such as any of the restaurants, or for any reason other than reserving and paying for a guest room, a credit or debit card’s information was not compromised.

If any credit and/or debit card information was accessed by the hackers, it would have included the cardholder’s full name, credit and/or debit card number, credit and/or debit card expiration date, other discretionary data that the credit and/or debit card company may have placed in the magnetic stripe on the back of the card, and the credit and/or debit card’s service code. The cyber security firm has advised that there is no evidence of debit card Personal Identification Numbers (PINs) having been accessed.

The Desmond is continuing to work with the cyber security firm and the U.S. Secret Service on this matter. In particular, the program created to gain access to The Desmond’s network and to obtain cardholder information has been removed. Additional steps have been taken to prevent this sort of compromise from happening again.

The Desmond has also advised the three (3) major U.S. credit reporting agencies – Experian, Equifax, and TransUnion – and has given those agencies a general report, alerting them to the fact that this incident occurred. Even though those steps have been taken, anyone who was a guest between May 21, 2011 and March 10, 2012 should take action as well.

This is a serious incident. As such, The Desmond strongly encourages its guests to immediately take preventative measures – including contacting credit card company(ies), banks/financial institutions, and the three (3) U.S. credit reporting agencies referenced above. Guests should do so to help prevent and detect any misuse of card information, if, in fact, that information was compromised.

To contact the three (3) major credit reporting agencies and request copies of credit reports, the telephone numbers (and websites) for ordering credit reports and placing fraud alerts on the credit reports are: 1-800-685-1111 or 1-800-525-6285 (Equifax – http://www.equifax.com); 1-888-397-3742 or 1-888-397-3742 (Experian – http://www.experian.com); and 1-800-888-4213 or 1-800-680-7289 (Trans Union – http://www.transunion.com). Even after obtaining credit reports, cardholders should periodically review updated credit reports to make sure they are accurate and include only those activities that have been authorized, and to make sure that information related to fraudulent activities can be deleted from the credit reports.

Everyone has the right to obtain their own credit report free of charge once a year through http://www.annualcreditreport.com. Anyone who has reason to believe that their file may contain inaccurate information due to fraud may also obtain their credit report anytime from the three (3) credit reporting agencies.

Cardholders also can request that the major credit reporting agencies place a fraud alert on their credit file, which will put creditors on notice that their accounts may be subject to fraud. By doing so, cardholders will require creditors to contact them before opening any new accounts or making changes to their existing accounts.

Guests of The Desmond during the period mentioned above should remain vigilant over the next year or so and promptly report any incidents of suspected identity theft to The Desmond, as well as the credit reporting agencies, their credit card companies, and their banks (if their debit card information was stolen). Guests should also review their account statements and immediately report any suspicious activity. If suspicious activity on credit reports is discovered, or if there is a reason to believe information is being misused, cardholders should file a police report and retain a copy of it to provide to The Desmond or other creditors when challenging any suspicious activity.

In addition to the steps described above, cardholders should file a report of any suspicious activity with the Federal Trade Commission (FTC) using the website or telephone number listed below. For more information on how to protect against identity theft, the FTC provides online guidance, as well as a toll-free telephone number. The FTC’s toll-free number is 1-877-IDTHEFT and its website address is http://www.consumer.gov/idtheft.

The Desmond thanks its guests for their careful attention to this matter. If anyone who thinks they may have been affected has any questions, you may contact Lisa Armbruster at The Desmond at 1-800-448-3500 or you may email her at Larmbruster(at)desmondhotels(dot)com. On behalf of the staff and management at The Desmond, we offer our sincerest apology for the concern and inconvenience this has caused.

About The Desmond

The Desmond is one of the premier hotels in Albany, New York; this luxurious hotel offers colonial charm and contemporary comfort combined with a business friendly environment featuring state of the art conferencing facilities. For hotel information or to make a reservation, call 1-800-448-3500 or visit http://www.desmondhotelsalbany.com/.